2 Replies Latest reply on Jul 31, 2012 12:22 AM by Shinogi

    Malicious exe download detection

    omegaleon

      We have a requirement to detect exe downloads. There are a couple ways I can think to do this.

       

      Option 1: Catch HTTP GET requests for files ending in exe. (Issue obviously being that the GET could be for jpg but ... Content-Type: application/octet-stream)

      Option 2: Try and catch MZ in the first x bytes, but there are some issues with gzip/chunked encoding etc.

       

      What do you all recommend?
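
An added example, not part of the original thread: a sketch of Option 2 that undoes chunked framing and gzip/deflate content encoding before looking for the `MZ` magic, and confirms it with the `PE\0\0` signature at `e_lfanew`. The function names are hypothetical, the whole response is assumed to be reassembled in memory, and the sample response and PE-shaped header are constructed test input.

```python
import gzip
import struct
import zlib

def dechunk(body):
    """Undo Transfer-Encoding: chunked framing."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return out
        out += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2                      # skip CRLF after the data

def looks_like_pe(data):
    """MZ magic plus 'PE\\0\\0' at the offset stored in e_lfanew (0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def response_carries_exe(raw, peek=4096):
    """Decode the body as a client would, then inspect only the first `peek` bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    hdr = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        hdr[name.strip().lower()] = value.strip().lower()
    if b"chunked" in hdr.get(b"transfer-encoding", b""):
        body = dechunk(body)
    enc = hdr.get(b"content-encoding", b"")
    if enc in (b"gzip", b"x-gzip", b"deflate"):
        wbits = zlib.MAX_WBITS + (0 if enc == b"deflate" else 16)
        body = zlib.decompressobj(wbits).decompress(body, peek)  # bounded output
    return looks_like_pe(body[:peek])

def sample_response(payload, ctype=b"image/jpeg"):
    """Constructed test input: gzip the payload and send it in two chunks."""
    gz = gzip.compress(payload)
    chunks = b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in (gz[:10], gz[10:]))
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + ctype +
            b"\r\nContent-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n" +
            chunks + b"0\r\n\r\n")

# Constructed minimal PE-shaped header (not a real executable).
FAKE_PE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40) + b"PE\x00\x00"
```

The check ignores both the URL extension and the declared Content-Type, so a response labelled `image/jpeg` is still flagged when the decoded body starts with a PE header.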